Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Security

Big Web Security Firms Ditch Russia, Leaving Internet Users Open To More Kremlin Snooping (forbes.com) 16

Ordinary Russians face another major blow to their everyday lives due to the backlash to President Vladimir Putin's invasion of Ukraine. On the same day, two major web-security companies have decided to quit selling to them, making Russians' internet use more vulnerable to Kremlin snooping, hacking and other cybercrimes. From a report: The departure of the two companies, Avast, a $6 billion antivirus provider based in the Czech Republic, and Utah-based website-certification firm DigiCert, will further isolate the country of 145 million people. "We are horrified at Russia's aggression against Ukraine, where the lives and livelihoods of innocent people are at severe risk, and where all freedoms have come under attack," Avast CEO Ondrej Vlcek wrote on Thursday. Vlcek said the company was including Belarus in the withdrawal of services, and was continuing to pay the full salaries of employees in Russia and Ukraine, many of whom it was helping to relocate. "We do not take this decision lightly," Vlcek wrote. "We've offered our products in Russia for nearly 20 years and users in this country are an important part of our global community." While Avast joins other antivirus companies, including NortonLifeLock and ESET, in halting sales, Russians will still be able to get antivirus protection from Moscow-based Kaspersky and other providers within the country. The departure of DigiCert could prove more significant. DigiCert is one of the world's biggest providers of website certificates, which aim to prove that when a person visits a site it's owned by the entity they expected.
This discussion has been archived. No new comments can be posted.

Big Web Security Firms Ditch Russia, Leaving Internet Users Open To More Kremlin Snooping

Comments Filter:
  • How DigiCert is going to help prevent snooping from state sponsored entities? They just sell overpriced TLS certificates. How is this better than let's encrypt?

    I think it's not, and this is just a reason to get PR.

  • What I would like to know is what if the FSB shows up at Kaspersky headquarters, with a gun on their heads and asks to wipe (or worse) all HDs in foreign countries. Is that a threat that's worth worrying about ?
    • Given Russia's history of cybercrime and unwillingness to fulfill MLAT requests for cybercrimes, no CISO in their right mind is using Kaspersky anymore. It's some legacy stuff that was next-gen from Norton, but is nowhere near the capabilities of modern NGAV software Made-in-USA like CrowdStrike. Heck, Microsoft is beating Kaspersky on Gartner and AV-Comparatives.

      The only reasons American companies or people would continue to use Kaspersky is because they are too lazy to migrate, or have been sold on th

    • by AmiMoJo ( 196126 )

      I have backups. I'd be more worried about a National Security Letter forcing them to install a backdoor, or GCHQ using an undisclosed vulnerability to get in.

    • by tlhIngan ( 30335 )

      What I would like to know is what if the FSB shows up at Kaspersky headquarters, with a gun on their heads and asks to wipe (or worse) all HDs in foreign countries. Is that a threat that's worth worrying about ?

      How do you think antivirus updates work? They are often more than just a signature file - they often contain code elements - like perhaps better heuristics on how to detect virus-like behavior, or the scanning engine might be updated to better detect things. Like for example, the scanning engine migh

      • It doesn't just update heuristics algorithms, auto-updates update the program itself. Which means they can execute arbitrary code from a process you've granted elevated privileges, so even without taking an advantage of an exploit they can render your system unbootable. Probably brick it if they fuck around with low level hardware code.

Programmers do it bit by bit.

Working...